<!--Gordana Pejic 191/01-->
<?php

function filled_out($form_vars) {
    foreach ($form_vars as $key => $value) {
        if ((!isset($key)) || ($value == '')) {
            return false;
        }
    }
    return true;
}

require 'db.php';
$con = dbConnect("sib");
$usern = $_POST["username"];

if (!filled_out($_POST))   // slucaj da nisu unesena sva polja
{  header("Location: ../index.php?err=1");
}
else{

    $chck = "SELECT * FROM user WHERE UserName='$usern'"; // pogresno unesen user ili pass
    $result = mysql_query($chck, $con);
    if (mysql_num_rows($result) >= 1) {
    $row = mysql_fetch_array($result);
        if ($row['Password'] != $_POST["password"]) {
            header("Location: ../index.php?err=5");
        }
        else {
            session_start();
            $_SESSION['username'] = $usern;
            header('Location: ../index.php');
        }
    }
    else header("Location: ../index.php?err=1");
    
}

mysql_close($con);
?>
